Cyber criminals and cyber spies active in Asia

By

By

COMMENTS

Share

COMMENTS

Related Content

James Lewis is Director of the Technology and Public Policy Program at CSIS, Washington, DC. This is the second of a five-part series on Asia in the age of cyber threats. Part 1 here.

Cyber espionage involves the illicit extraction of information; cyber crime is the illicit extraction of money. These activities are at the core of malicious activity in cyberspace. If the threat of cyber war is exaggerated, the risk of cyber espionage and cyber crime is vastly under-appreciated.

The most damaging aspect of cyber spying is economic espionage, where technology, research products, confidential business information and intellectual property can all be stolen. The damage may not be visible immediately in an economy, but then, the goal of espionage is not to be detected.

The internet eliminates the need in espionage (and crime) for physical proximity or interpersonal exchanges, reducing risk and cost. It allows the collection of signals intelligence without the requirement for bases, satellites, ships, or aircraft. And it provides a global capability to countries that previously had only a regional or national presence.

Espionage and crime are often indistinguishable, particularly given the use of proxies (cyber criminals who act at the direction of a government). Hacking incidents against the G20 and the International Monetary Fund (where confidential information prepared for meetings of world leaders was extracted) highlight the potentially strategic consequences of cyber espionage and crime for global political and economic activities.

Cooperation among Asian countries in combating cyber crime may be, in some ways, easier to obtain than cooperation in the other areas of cyber security that are more closely linked to state power and competition, but the utility of cyber crime as a proxy for pursuing state goals could also limit the scope of any agreement and compliance with it.

The profusion of private actors in cyberspace, their access to technology, and their ability to engage in illegal acts from their home location complicates cyber security. Those with hacking skills – the ability to implant malware or access a computer or network without the owner's permission – are joined by activists who use the internet for political exploits. The line blurs as many activists have the skill to engage in low-level hacking and some high-end hackers also have political agendas.

The most dangerous private actors can also operate as proxies – irregular forces who undertake action at the behest of the state. Russia and China use proxies to conduct cyber espionage and engage in politically coercive acts. Hackers and cyber criminal communities in both countries are tolerated, co-opted and at times assisted in their hacking and criminal activities against other nations. China's cyber espionage strategy combines both official programs and the coordination of unruly efforts of thousands of individuals, companies and civil agencies as intelligence collectors.

China's broad, diffuse, cyber espionage program reflects the traditional approach to intelligence collection; instead of relying on officers operating under official cover, China's approach has been described as 'a thousand grains of sand', where businessmen, researchers or students are asked to collect information when they visit a country.

Espionage and crime can be damaging, but countries do not go to war over it. Nations which support cyber crime and engage in cyber espionage appear to be careful to stay below the threshold of what could be considered the use of force or an act of war.

While cyber criminals do their best to keep their activities undetected, netizens and hacktivists do their best to send their message viral, often with disruptive outcomes. This is the subject of my next post in this series on cyber competition.